Webcheck.pt aims to make it clearer and simpler to understand the most relevant standards and best practices to keep your domain secure. The recommendations presented are merely indicative of some of the best practices that should be adopted in order to better secure the online presence of your organization.
DNSSEC (Domain Name System Security Extensions) is a set of security extensions to the Domain Name System (DNS) protocol designed to protect and authenticate DNS traffic. These extensions use asymmetric cryptography to ensure the authenticity and integrity of the information exchanged between DNS servers, and between those servers and users' applications.
To learn more about DNSSEC, please check: "Tutorial DNSSEC", Associação DNS.PT, 2019 (Only available in Portuguese).
SPF, DKIM and DMARC
SPF, DKIM and DMARC are standards aimed at enhancing the security of organizations' email communications. SPF (Sender Policy Framework) limits the channels authorized to send email for a domain. DKIM (DomainKeys Identified Mail) ensures the integrity and authenticity of sent email through the use of asymmetric cryptography. DMARC (Domain-based Message Authentication, Reporting and Conformance) allows you to declare to the recipient domain what it should do after receiving an email that fails SPF and/or DKIM validation.
To learn more about SPF, DKIM and DMARC, please check: "Recomendação Técnica 01/2019", Centro Nacional de Cibersegurança, 2019 (Only available in Portuguese).
STARTTLS and DANE, especially when used together, are effective mechanisms to prevent the interception or manipulation of email traffic. STARTTLS is an extension to the SMTP protocol that allows email servers to use the TLS protocol to exchange messages over a private and authenticated channel across the Internet. DANE allows an organization to indicate, in a verifiable way, that the email server(s) are provided by the organization, and to state a preference for establishing a secure connection (encrypted via STARTTLS) with any other email server that also supports it.
PROTECT PARKED DOMAINS
A parked domain is a domain that is not associated with sending email. Without proper security measures, it can be used relatively easily to forge email addresses (email spoofing) and send phishing messages. To prevent this abuse, a set of good practices should be adopted for this type of domain.
For more information on the protection of parked domains, refer to "Recomendação Técnica 01/2020", Centro Nacional de Cibersegurança, 2020 (Only available in Portuguese).
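The page does not list the practices themselves. As an added example (not Webcheck.pt's or the Centro Nacional de Cibersegurança's code), the Python below audits a parked domain for three commonly recommended records, assumed here: a deny-all SPF record, a DMARC reject policy, and a null MX (RFC 7505). The domain `parked.example`, the function names and the zone data are constructed for illustration; no network lookups are made.

```python
def parse_tags(record):
    """Split a 'k=v; k=v' DMARC record into a dict with lowercase keys."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_parked_domain(domain, zone):
    """Return a list of findings; an empty list means all three checks passed.
    `zone` maps (name, rrtype) -> list of record values (constructed input)."""
    findings = []
    # SPF: exactly one record, and it must authorise no sender at all.
    spf = [t for t in zone.get((domain, "TXT"), [])
           if t.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings.append(f"expected exactly one SPF record, found {len(spf)}")
    elif spf[0].lower().split() != ["v=spf1", "-all"]:
        findings.append(f"SPF is not deny-all: {spf[0]!r}")
    # DMARC: policy must be reject, and sp= must not relax it for subdomains.
    dmarc = [t for t in zone.get((f"_dmarc.{domain}", "TXT"), [])
             if t.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        findings.append(f"expected exactly one DMARC record, found {len(dmarc)}")
    else:
        tags = parse_tags(dmarc[0])
        if tags.get("p", "").lower() != "reject":
            findings.append(f"DMARC policy is not reject: {dmarc[0]!r}")
        elif tags.get("sp", "reject").lower() != "reject":
            findings.append(f"DMARC sp= weakens subdomain policy: {dmarc[0]!r}")
    # Null MX (RFC 7505): a single MX with preference 0 and target ".".
    mx = zone.get((domain, "MX"), [])
    if mx != ["0 ."]:
        findings.append(f"MX is not a null MX: {mx!r}")
    return findings

# Constructed zone data: one hardened parked domain, one left with mail defaults.
HARDENED = {
    ("parked.example", "TXT"): ["v=spf1 -all"],
    ("_dmarc.parked.example", "TXT"): ["v=DMARC1; p=reject; sp=reject"],
    ("parked.example", "MX"): ["0 ."],
}
WEAK = {
    ("parked.example", "TXT"): ["v=spf1 include:_spf.example.net ~all"],
    ("parked.example", "MX"): ["10 mail.parked.example."],
}

if __name__ == "__main__":
    for label, zone in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_parked_domain("parked.example", zone))
```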